CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1277
https://notcve.org/view.php?id=CVE-2003-1277
31 Dec 2003 — Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html • http://www.iss.net/security_center/static/10989.php •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0275
https://notcve.org/view.php?id=CVE-2003-0275
14 May 2003 — SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. SSI.php en YaBB SE 1.5.2 permite que atacantes remotos ejecuten código PHP arbitrario modificando el parámetro "sourcedir" para referenciar una URL en un servidor web remoto que contiene el código. • http://marc.info/?l=bugtraq&m=105249980809988&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1846
https://notcve.org/view.php?id=CVE-2002-1846
31 Dec 2002 — Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. • http://online.securityfocus.com/archive/1/296121 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2002-2296 – YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2296
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. • https://www.exploit-db.com/exploits/22052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2002-1845 – YaBB 1.40/1.41 - Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1845
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter. • https://www.exploit-db.com/exploits/21950 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2002-0955 – YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0955
31 Aug 2002 — Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. • https://www.exploit-db.com/exploits/21573 •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 3CVE-2002-0117 – YaBB 9.1.2000 - Cross-Agent Scripting
https://notcve.org/view.php?id=CVE-2002-0117
25 Mar 2002 — Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. Vulnerabilidad Cross-site todavía en el Bulletin Board de (YaBB) 1 Gold SP 1 y anteriores permite a atacantes remotos ejecutar scripts arbitrarios y cookiess de robo vía un mensaje que contiene Javascript codificado en una etiqueta IMG. • https://www.exploit-db.com/exploits/21208 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2000-1176 – YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2000-1176
19 Dec 2000 — Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field. • https://www.exploit-db.com/exploits/20387 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2CVE-2000-0853 – YaBB 9.1.2000 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2000-0853
14 Nov 2000 — YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20218 •